Not oc, but services like Linode often offer "console" access via a virtualized tty for VPS systems.

Having a local backup user is a viable backup path then. If you wire up pam enough you can even use MFA for local login.

Then I log in to Linode or whatever and open a hole up in the firewall. That's easy. But Cloudflare rarely goes down, not really something I worry about.

You could restrict the ssh port by ip as well.